Cisco PIX Stealth Problem

Axman

[H]F Junkie
Joined
Jul 13, 2005
Messages
12,873
I'm having some real problems getting my Cisco PIX 506e to stealth ports without blocking them. After about five hours going over manuals written in Ciscoese I figured I should just ask for help.

So how on earth do I begin stealthing ports?
 

Malk-a-mite

[H]ard|Gawd
Joined
Feb 16, 2002
Messages
2,023
Wild guess?
GRC.com online scanner talks about a port being stealthed if they don't receive a response from the scan.

Basically dropping the packet without giving a response.
 

Axman

[H]F Junkie
Joined
Jul 13, 2005
Messages
12,873
Essentially, that's right; the firewall only allows solicited packets through to the SMTP connector; it generally denies ICMP packets directed to a, several, or all ports while still allowing traffic through. But I've got to be doing something wrong because if I make a "block ICMP on port 25" rule it stops all email.

Our mail server, because it's running IIS, is exposed to a small exploit that allows some spammers to use it as a relay. I haven't set up a port scan filter yet, but that's also on the chopping block.
 

Malk-a-mite

[H]ard|Gawd
Joined
Feb 16, 2002
Messages
2,023
Maybe posting your config (minus the IP details) would be a better route if you think it's a config error; definitely easier to fix a config than replace the device.
 

Fint

[H]ard|Gawd
Joined
Jun 11, 2004
Messages
1,046
ICMP is directed to an IP, but doesn't use port numbers; it's a layer 3 protocol. TCP/UDP port numbers are layer 4.
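The two points made above, that "stealth" just means the filter drops the packet without answering, and that ICMP has no port number to match on, are easy to see in a toy model. The following is an added example written for this thread, not code from any poster and not PIX syntax: the rule and packet structures are invented for illustration, and the policy is a constructed one (accept solicited SMTP, silently drop everything else). It also shows why a rule that names a protocol-less "port 25" matches the SMTP traffic itself, which is one plausible, hypothetical way to get the "stops all email" symptom.

```python
# Added example (not from the thread): a toy model of how a firewall's action
# on an unsolicited packet decides what an internet port scanner reports:
# "open", "closed" or "stealth". Rule/packet formats are invented, not PIX.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None  # layer-4 port; ICMP has none (layer 3)


@dataclass(frozen=True)
class Rule:
    proto: str               # "tcp", "udp", "icmp" or "any"
    dst_port: Optional[int]  # None matches any port (and port-less ICMP)
    action: str              # "accept", "reject" or "drop"


def validate_rule(rule: Rule) -> Rule:
    """ICMP carries no port number, so 'ICMP on port 25' can never match."""
    if rule.proto == "icmp" and rule.dst_port is not None:
        raise ValueError("ICMP is layer 3 and has no ports; remove the port")
    if rule.action not in ("accept", "reject", "drop"):
        raise ValueError(f"unknown action {rule.action!r}")
    return rule


def is_valid_rule(rule: Rule) -> bool:
    try:
        validate_rule(rule)
        return True
    except ValueError:
        return False


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    return rule.dst_port is None or rule.dst_port == pkt.dst_port


def decide(rules: List[Rule], pkt: Packet, default: str = "drop") -> str:
    """First matching rule wins; unmatched traffic gets the default action."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


def scanner_verdict(action: str) -> str:
    """How a remote probe interprets the firewall's action on its packet."""
    return {
        "accept": "open",     # a service answered (SYN/ACK or a payload)
        "reject": "closed",   # an explicit TCP RST or ICMP unreachable came back
        "drop": "stealth",    # silence: nothing confirms a host is even there
    }[action]


def probe(rules: List[Rule], pkt: Packet) -> str:
    return scanner_verdict(decide(rules, pkt))


# Constructed policy: only SMTP reaches the mail server; everything else,
# ICMP echo included, is dropped with no reply (the "stealth" behaviour).
POLICY = [
    validate_rule(Rule("tcp", 25, "accept")),
    validate_rule(Rule("icmp", None, "drop")),
]

# Same policy, but answering ICMP with a reject: the scanner sees "closed".
REJECT_POLICY = [Rule("tcp", 25, "accept"), Rule("icmp", None, "reject")]

# Hypothetical misconfiguration: a "port 25" deny with no protocol placed
# first also swallows the SMTP packets, so mail stops.
BROKEN_POLICY = [Rule("any", 25, "drop")] + POLICY

if __name__ == "__main__":
    for pkt in (Packet("tcp", 25), Packet("tcp", 80), Packet("icmp")):
        print(pkt, "->", probe(POLICY, pkt))
    print("icmp under reject policy ->", probe(REJECT_POLICY, Packet("icmp")))
    print("smtp under broken policy ->", probe(BROKEN_POLICY, Packet("tcp", 25)))
    print("'icmp port 25' rule valid?", is_valid_rule(Rule("icmp", 25, "drop")))
```

The practical difference for a defender is only in what the outside world learns: "drop" gives a scanner no reply and so no proof a host exists, "reject" answers with a RST or ICMP unreachable and confirms one. Neither affects solicited SMTP, which is matched by its own TCP/25 accept rule before the default applies.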
 